BST-17875: add forbidden component rule for sci-sca scanner (#260) (#216)

fproulx-boostsecurity · web-flow · commit 5fd07005cfb5 · 2025-11-12T15:55:04.000-05:00
diff --git a/server-side-scanners/boostsecurityio/sci-sca/rules.yaml b/server-side-scanners/boostsecurityio/sci-sca/rules.yaml
@@ -16,3 +16,14 @@ rules:
     pretty_name: Use of Unsafe AI model
     ref: https://huggingface.co/docs/hub/en/security-pickle
     recommended: true
+  forbidden-component:
+    categories:
+      - ALL
+      - boost-baseline
+      - use-of-forbidden-component
+    description: Project with Unauthorized Component
+    name: forbidden-component
+    group: component-violations
+    pretty_name: Project with Unauthorized Component
+    ref: https://docs.boostsecurity.io/rules/index.html 
+    recommended: true
